package net.ymate.framework.webmvc.intercept;

import javax.servlet.http.HttpServletRequest;
import net.ymate.framework.core.Optional;
import net.ymate.framework.core.support.TokenProcessHelper;
import net.ymate.platform.core.beans.intercept.IInterceptor;
import net.ymate.platform.core.beans.intercept.InterceptContext;
import net.ymate.platform.webmvc.context.WebContext;
import net.ymate.platform.webmvc.util.CookieHelper;
import net.ymate.platform.webmvc.view.impl.HttpStatusView;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:WEB-INF/lib/ymate-framework-core-2.0.6.jar:net/ymate/framework/webmvc/intercept/RequestTokenInterceptor.class */
public class RequestTokenInterceptor implements IInterceptor {
    @Override // net.ymate.platform.core.beans.intercept.IInterceptor
    public Object intercept(InterceptContext interceptContext) throws Exception {
        if (!IInterceptor.Direction.BEFORE.equals(interceptContext.getDirection())) {
            return null;
        }
        HttpServletRequest request = WebContext.getRequest();
        String str = interceptContext.getContextParams().get(Optional.REQUEST_TOKEN_NAME);
        if (StringUtils.isBlank(str)) {
            str = StringUtils.defaultIfBlank(interceptContext.getOwner().getConfig().getParam(Optional.REQUEST_TOKEN_NAME), "Request-Token");
        }
        boolean z = false;
        boolean z2 = false;
        CookieHelper cookieHelper = null;
        String parameter = request.getParameter(str);
        if (StringUtils.isBlank(parameter)) {
            parameter = request.getHeader(str);
            if (StringUtils.isBlank(parameter)) {
                cookieHelper = CookieHelper.bind();
                parameter = cookieHelper.getCookie(str).toStringValue();
                z2 = StringUtils.isNotBlank(parameter);
            } else {
                z = true;
            }
        }
        boolean isTokenValid = TokenProcessHelper.getInstance().isTokenValid(request, str, parameter, true);
        if (z || z2) {
            String saveToken = TokenProcessHelper.getInstance().saveToken(request, str);
            if (z) {
                WebContext.getResponse().addHeader(str, saveToken);
                CookieHelper.bind().removeCookie(str);
            } else {
                cookieHelper.allowUseHttpOnly().setCookie(str, saveToken);
            }
        }
        if (isTokenValid) {
            return null;
        }
        return HttpStatusView.BAD_REQUEST;
    }
}
